Generally, firewalls are devices in computer networks that are configured to apply one or more policies to traffic (e.g., data packets) that traverse the firewalls. For instance, the firewalls may inspect the traffic at a basic level, e.g., at source and destination addresses of packet headers, to permit or deny traversal of the packets based on access lists corresponding to the addresses. Often, the firewalls may also be configured to perform deep packet inspection on the traffic, wherein the firewalls inspect the packets further than simply the headers, e.g., to the data contained within the packets (“payload”). For example, firewalls are often utilized to inspect the payloads of packets for Voice over Internet Protocol (VoIP) or Video over IP applications (e.g., “Layer 7” application layer data), as well as for Network Address Translation (NAT) functionality and dynamic pinhole (access) control, as will be understood by those skilled in the art. Notably, packet inspection is not limited to simply reading the payload contents of packets, but also to modification of the packets, such as rewriting portions of the packets that contain address/port information (e.g., for NAT).
As more traffic within computer networks (e.g., the Internet) moves toward a secured mode of transport (e.g., authenticated and/or encrypted), traditional firewalls lose their ability to look into the packet payload, and particularly their ability to modify the packets. In other words, the firewalls are unable to deeply inspect the traffic payload because of their inability to decrypt the traffic. Accordingly, one option is to allow all secured traffic to traverse the firewalls without inspection. However, this option negates the use of the firewalls to inspect traffic, thereby potentially allowing illegitimate and/or harmful traffic to pass through freely, particularly for the Session Initiation Protocol (SIP) for VoIP traffic. Also, NAT functionality is generally unavailable when signaling is encrypted, as will be understood by those skilled in the art.